[Nix-dev] Re: Isolated programs

[Ludovic Courtès]

Hi Kamil,

>> I think a ‘nix-exec’ tool that would do this would be nice: you give it
>> a program name and arguments, and it launches said program in a chroot
>> with a read-only bind mount of the subset of the Nix store that it needs
>> (a bit like Plash).
>
> Sure, that's certainly interesting. I'm aware of Plash, I used it in one
> project. Lxc (Linux Containers) is a much better technology IMO.

Sure.  But as a first step, it seems that a tool providing an interface
similar to that of ‘pola-run’ [0], focusing on file system access, would
be relatively simple and yet very useful.

Thanks,
Ludo’.

[0] http://plash.beasts.org/wiki/PolaRun